Advantech’s EKI industrial-grade Wi-Fi access points have been found to contain over 20 security vulnerabilities, six of which are classified as critical. These flaws, disclosed by cybersecurity company Nozomi Networks, could enable attackers to bypass authentication, execute remote code with root privileges, and compromise the affected devices entirely. The risks associated with these vulnerabilities include denial-of-service (DoS) attacks, persistent backdoor access, and lateral movement across networks. Advantech has issued firmware updates to address the issues, urging users to patch immediately to mitigate potential exploitation.
Among the critical vulnerabilities are five OS command injection flaws (CVE-2024-50370 through CVE-2024-50374, CVSS scores: 9.8) and a missing authentication flaw (CVE-2024-50375, CVSS score: 9.8). These weaknesses allow attackers to gain root-level access, manipulate device functionality, and implant malicious scripts. Additionally, a cross-site scripting (XSS) vulnerability (CVE-2024-50376, CVSS score: 7.3) can be exploited in tandem with another OS command injection flaw (CVE-2024-50359, CVSS score: 7.2) to execute arbitrary code. Together, these vulnerabilities create a significant risk of remote exploitation.
The attack chain leverages the “Wi-Fi Analyzer” feature in the access points’ web application, which embeds data from received beacon frames without adequate sanitization. A rogue access point broadcasting a malicious SSID can exploit this flaw to inject JavaScript code into the administrator’s browser. This injected code can then escalate the attack, enabling remote command execution and persistent control of the device. Attackers could use this foothold to infiltrate networks, extract sensitive data, or deploy additional malicious payloads.
Advantech has released firmware versions 1.6.5 and 1.2.2 to address these vulnerabilities for affected models, including EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO. Organizations relying on these devices should prioritize updating to the latest firmware to safeguard against these critical risks. Failure to do so could leave systems exposed to potentially devastating cyberattacks, compromising the confidentiality, integrity, and availability of connected networks.
